Knowledge Base

Table of Contents

Audit logs

Brands need to be able to consume and parse detailed audit logs of any significant action taken in their Sparkcentral environment by users.We already have audit trails that track actions made on a conversation by users.

Audit logs search

You can search the audit logs (based on keywords and/or for a specific user) and see what happened by whom and when.

You can find this feature under SettingsPrivacy & SecurityAudit Logs

Downloading the logs

The Sparkcentral application logs changes that are made by admins in the settings section of the application. These audit logs are stored in an AWS S3 bucket and can be accessed directly(AWS CLI, AWS SDK, …) or using SFTP.

The Audit Logs will be written every hour, where each line entry will identify actions taken within the Sparkcentral Settings by an Admin.

Example

TimestampActionUser
2020-02-10T09:30:49Zset the inactive session length to 25 minutes
john.doe@sparkcentral.com
2020-02-05T10:40:40ZContact attribute Email (id:d90a3cdb-4803-11ea-9e10-9359a1592b25) disabled
john.doe@sparkcentral.com
2020-02-05T11:48:30ZTag Billing with id 8598 was created
john.doe@sparkcentral.com
2020-02-06T13:16:20.3ZCRM Integration created. Status: ACTIVE
john.doe@sparkcentral.com
2020-02-06T12:55:25.4ZBusiness hours changed for auto responder autoresponder
john.doe@sparkcentral.com
2020-02-06T09:00:20ZVirtual agent Sales VA deleted
john.doe@sparkcentral.com
2020-02-06T10:39:35ZUser Jane Smith created with role agent and id 0-025774ab72f-000-dfe82f18
john.doe@sparkcentral.com

Included actions

Account preferences
  • Inactive session length changed
  • Remove Ownership setting enabled/disabled
  • Boomerang all pending messages set to X min
  • Boomerang all pending messages changed to X min
  • Boomerang all pending messages disabled
  • Automatically split tweet over 280 characters setting enabled/disabled
  • When replying include all mentioned users by default setting enabled/disabled
  • Bring in FB visitor posts and comments enabled/disabled
  • Bring in FB comments on posts published by page enabled/disabled
  • Bring in comments on FB dark posts enabled/disabled
  • Bring in messages sent to FB Page enabled/disabled
Channels
  • New Channel added
  • Auto-ownership of conversations enabled/disabled for channel XAgents 
  • Automatically granted access to any channel on Sparkcentral
  • Automatic agent access to any channel on Sparkcentral removed
  • Access to channel X given to user Y with role role Z (Viewer/Contributor/Supervisor)
  • Channel X deleted
Users
  • User X given access to channel channel Y
  • User X’s role changed from role Y to role Z
  • User X removed from channel Y
  • Virtual Agent X added/deleted
  • Virtual agent X given access to channel Y
  • Webhook url for Virtual agent X changed
  • Script element added/deleted for virtual agent X
  • Offline message changed for virtual agent X
  • Inactive duration changed for virtual agent X
  • Business hours changed for  virtual agent X
  • Auto-responder escape word changed for virtual agent X
Tags
  • Tag X added/deleted
  • Tag ID’s tag name changed from Tag X to Tag Y
Topics
  • Topic X added/deleted
  • Topic ID’s Topic name changed from Topic X to Topic Y
Automations
  • Automation X added/deleted
  • Automation ID’s name changed from Automation X to Automation Y
  • Automation X edited
  • Automation X added to channel Y
  • Automation X removed from channel Y
  • Automation X enabled/disabled
Knowledge Base
  • Knowledge BaseCollection X added/deleted
  • Collection X title changed from Collection X to Collection Y
  • Collection X editedCollection X added to channel Y
  • Collection X  removed from channel Y
  • Snippet X added/removed from/to Collection Y
  • Snippet X’s title changed Snippet X to Snippet Y
  • Article added/removed from/to Collection Y
  • Article X title changed Article X to Article Y
Away States
  • Away State X added/deleted
  • Away State X name changed from Away State X to Away State Y
  • Away State X enabled/disabled
Contact Attributes
  • Contact Attribute Auto-clear duration set to X
  • Contact Attribute X added/deleted
  • Contact Attribute X enabled/disabled
  • Contact Attribute X  Name changed from Contact Attribute X to Contact Attribute Y
  • Contact Attribute X marked as CRM managed attribute
  • Contact Attribute X added/removed as lookup attribute
  • Contact Attribute X selected as Matching attribute
  • Contact Attributes reordered
  • Contact Attribute X selected as Matching attribute
CRM Management
  • Shared secret set for CRM Management
  • Shared secret changed for CRM Management
  • Notification URL set
  • Notification URL changed
  • Lookup URL set
  • Lookup URL changed
  • Write-back URL set
  • Write-back URL changed
Block Contact
  • Block contact functionality enabled/disabled
  • Customer X blocked/unblocked
Delete Contact
  • Delete a contact
SSO
  • SSO Enabled/Disabled
  • XML Metadata uploaded
  • Single logout enabled/disabled
  • Email address claim name added
  • Email address claim name changed
PII Handling
  • Credit card number masking checked/unchecked
  • US Social Security number masking checked/unchecked

SFTP

To learn how to connect to your instance via (S)FTP, click on the following button:

AWS CLI

  • Provide Sparkcentral with the ARN of the IAM user or the IAM role that will be grantedaccess to the S3 bucket. E.g. arn:aws:iam::<AWS_ACCOUNT>:role/<ROLE_NAME>.
  • Attach a policy to the IAM user or IAM role that allows the s3:GetObject and s3:ListBucket actions for the S3 buckets.
  • Below is an example for the PROD / US environment:
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObject",
            "s3:ListBucket"
         ],
         "Resource":[
            "arn:aws:s3:::com.sparkcentral.prod.audit",
            "arn:aws:s3:::com.sparkcentral.prod.audit/*"
         ]
      }
   ]
} 
  • Below is an example for the PREU / EU environment:
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "s3:GetObject",
            "s3:ListBucket"
         ],
         "Resource":[
            "arn:aws:s3:::com.sparkcentral.preu.audit",
            "arn:aws:s3:::com.sparkcentral.preu.audit/*"
         ]
      }
   ]
} 

Sparkcentral will notify you when access is granted to the bucket and provide you with the <ORGANIZATION_ID>.

Please keep in mind that access will be limited to the s3:GetObject and s3:ListBucket actions and prefix /public/<ORGANIZATION_ID>/.

Test access using AWS CLI with the following command:

aws s3 ls s3://com.sparkcentral.prod.audit/public/<ORGANIZATION_ID>/ 
Amazon AWS' policies

Was this article helpful?

You already voted!

We're always happy to help you ❤️!

Did you know you could help us too?

We love feedback from our users. It’s incredibly important for our business. That’s why a positive recommendation from your company could really make a difference!